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^^ Abstract. Switched systems constitute an important modeling paradigm faithfully describing many 

04 engineering systems in which software interacts with the physical world. Despite considerable progress 

1— H on stability and stabilization of switched systems, the constant evolution of technology demands that 

, ? we make similar progress with respect to different, and perhaps more complex, objectives. This paper 

' describes one particular approach to address these different objectives based on the construction of 

^~^ approximately equivalent (bisimilar) symbolic models for switched systems. The main contribution 

v^ of this paper consists in showing that under standard assumptions ensuring incremental stability of a 

^_^ switched system (i.e. existence of a common Lyapunov function, or multiple Lyapunov functions with 

dwell time), it is possible to construct a finite symbolic model that is approximately bisimilar to the 
original switched system with a precision that can be chosen a priori. To support the computational 
merits of the proposed approach, we use symbolic models to synthesize controllers for two examples 
ri of switched systems, including the boost DC-DC converter. 
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G 1. Introduction 

^— ^ Switched systems constitute an important modeling paradigm faithfully describing many engineering 

^. systems in which software interacts with the physical world. Although this fact already amply justifies 

fvj its study, switched systems are also quite intriguing from a theoretical point of view. It is well known 

(^ that by judiciously switching between stable subsystems one can render the overall system unstable. 

^'^ This motivated several researchers over the years to understand which classes of switching strategies 

C~^ or switching signals preserve stability (see e.g. |Lib03] ) . Despite considerable progress on stability 

^^ and stabilization of switched systems, the constant evolution of technology demands that we make 

(^ similar progress with respect to different, and perhaps more complex, objectives. These comprise the 

synthesis of control strategies guiding the switched systems through predetermined operating points 
while avoiding certain regions in the state space, enforcing limit cycles and oscillatory behavior, 
/\ reconfiguration upon the occurrence of faults, etc. 

^ This paper describes one particular approach to address these different objectives based on the 

construction of symbolic models that are abstract description of the switched dynamics and in which 
each abstract state, or symbol, corresponds to an aggregate of states in the switched system. When 
the symbolic models are finite, controller synthesis problems can be efficiently solved by resorting 
to mature techniques developed in the areas of supervisory control of discrete-event systems |RW87| 
and algorithmic game theory JAVW03] . The crucial step is therefore the construction of symbolic 
models that are detailed enough to capture all the behavior of the original system, but not so 
detailed that their use for synthesis is as difficult as the original model. This is accomplished, at the 
technical level, by using the notion of approximate bisimulation. Approximate bisimulation has been 
introduced in |GP07] . as an approximate version of the usual bisimulation relation [Mil89l lPar81j . and 
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in |Tab06] by using set-valued observations. It generalizes the notion of bisimulation by requiring the 
outputs of two systems to be close instead of being strictly equal. This relaxed requirement makes it 
possible to compute symbolic models for larger classes of systems as shown recently for incrementally 
stable continuous control systems |PGT07j . 

In this paper, we first extend the standard theorems on asymptotic stability of switched systems, 
i.e. results based on the existence a common Lyapunov function, or multiple Lyapunov functions 
with dwell time jLib03| . to study incremental stability of switched systems. The main contribution 
of the paper consists in showing that under the assumptions ensuring incremental stability of a 
switched system, it is possible to construct a symbolic model that is approximately bisimilar to the 
original switched system with a precision that can be chosen a priori. The proof is constructive and 
it is straightforward to derive a procedure for the computation of these symbolic models. Since in 
problems of practical interest the state space can be assumed to be bounded, the resulting symbolic 
model is guaranteed to have finitely many states and can thus be used for algorithmic controller 
synthesis. To support the computational merits of the proposed approach, we show how to use 
symbolic models to synthesize controllers for two examples of switched systems. First, we consider 
the boost DC-DC converter, and show how to synthesize a switched controller that regulates the 
output voltage at a desired level. For this example, it is possible to find a common Lyapunov function, 
therefore, we consider a second example that illustrates the use of multiple Lyapunov functions with 
dwell time. A preliminary version of these results appeared in [GPTOSj . 

In the following, the symbols N, Z, M, M+ and M.Q denote the set of natural, integer, real, positive and 
nonnegative real numbers respectively. Given a vector x G M", we denote by Xi its i-th coordinate 
and by ||3;|| its Euclidean norm. 

2. Switched systems and incremental stability 

2.1. S'witched systems. We shall consider the class of switched systems formalized in the following 
definition. 

Definition 2.1. A switched system is a quadruple S = (W^,P,V,F), where: 

• M" is the state space; 

• P = {1, . . . , m} is the finite set of modes; 

• "P is a subset of 5(M,|, P) which denotes the set of piecewise constant functions from M.Q to 
P, continuous from the right and with a finite number of discontinuities on every bounded 
interval of M^ ; 

• F = {/i, . . . , fm} is a collection of vector fields indexed by P. For all p & P ■, fp '■ M" -^ M" 
is a locally Lipschitz continuous map. 

For all p £ P, we denote by T,p the continuous subsystem of S defined by the differential equation: 

(2.1) i(t) = /p(x(t)). 

We make the assumption that the vector field fp is such that the solutions of the differential equation 



(2.1) are defined on an interval of the form ]a, -|-oo[ with a < 0. Necessary and sufficient conditions 
to be satisfied by fp can be found in |AS99j . Simpler, but only sufficient, conditions include linear 
growth or compact support of the vector field fp. 

A switching signal of S is a function p £ V, the discontinuities of p are called switching times. 
A piecewise C^ function x : M^ — > M" is said to be a trajectory of S if it is continuous and there 
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exists a switching signal p G P such that, at each t G M.^ where the function p is continuous, x is 
continuously differentiable and satisfies: 

x(t) = /p(t)(x(t)). 

We will use x(t, x, p) to denote the point reached at time t € M,| from the initial condition x under 
the switching signal p. The assumptions on the vector fields /i, • • • , /m ensure for all initial conditions 
and switching signals, existence and uniqueness of the trajectory of S. Furthermore since switching 
signals have only a finite number of discontinuities on every bounded interval, Zeno behaviors are 
ruled out. Let us remark that a trajectory of T,p is a trajectory of T, associated with the constant 
switching signal p(i) = p, for all t E M.q. Then, we will use x(t,x,p) to denote the point reached by 
Sp at time t G M^J" from the initial condition x. 

2.2. Incremental stability. The results presented in this paper rely on some stability notions. A 
continuous function 7 : M.Q — > M^ is said to belong to class /C if it is strictly increasing and 7(0) = 0. 
Function 7 is said to belong to class /Coo if it is a /C function and 7(r) — > 00 when r -^ cxd. A 
continuous function (3 : M.^ x R^j" —>■ Mq" is said to belong to class JCC if for all fixed s, the map 
r I— > /3(r, s) belongs to class /Coo and for all fixed r, the map s 1— > /3(r, s) is strictly decreasing and 
/3(r, s) ^ when s — > 00. 

Definition 2.2. |Ang02| The subsystem Sp is incrementally globally asymptotically stable ((5-GAS) 
if there exists a ICC function /?p such that for all t G M^, for all x, y G M", the following condition is 
satisfied: 

||x(t,x,p) -x(i,y,p)|| < (3p{\\x-y\\,t). 

Intuitively, incremental stability means that all the trajectories of the subsystem T,p converge to the 
same reference trajectory independently of their initial condition. This is an incremental version 
of the notion of global asymptotic stability (GAS) |Kha96] . Let us remark that when fp satisfies 
/p(0) = then (5-GAS implies GAS, as all the trajectories of T,p converge to the trajectory x(t, 0,p) = 
0. Further, if fp is linear then 5-GAS and GAS are equivalent. Similarly to GAS, J-GAS can be 
characterized by dissipation inequalities. 

Definition 2.3. A smooth function V^ : R" x R" ^ R^ is a 5-GAS Lyapunov function for Sp if 
there exist /Coo functions a„, Op and Hp G R^ such that: 

(2.2) Vx,yGR", ap{\\x-y\\)<Vp{x,y)<ap{\\x-y\\); 

(2.3) Vx,yGR", ^{x,y)fp{x) + ^{x,y)fp{y)<-KpVp{x,y). 

The following result completely characterizes J-GAS in terms of existence of a (5-GAS Lyapunov 
function. 



Theorem 2.4. |Ang02 Ep is 6-GAS if and only if it admits a 5-GAS Lyapunov function. 



dVr,, \ r , S . dVr, 



Remark 2.5. In |Ang02| , (2.3) is replaced by -g^{x,y)fp{x) + -gf {x , y) fp{y) < -pp{\\x -y\\), where 
Pp is a positive definite function. It is known, though not trivial to show, that there is no loss of 
generality in considering /^p(||a:; — y\\) = KpVp{x,y), modifying the 5-GAS Lyapunov function Vp if 
necessary (see e.g. JPW96] ). 

For the purpose of this paper, we extend the notion of incremental stability to switched systems as 
follows: 
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Definition 2.6. A switched system S = (W^,P,V,F) is incrementally globally uniformly asymp- 
totically stable ((5-GUAS) if there exists a ICC function P such that for all t G M^, for all x,y G M", 
for all switching signals p £ V, the following condition is satisfied: 

(2.4) ||x(t,x,p)-x(t,y,p)||</?(||x-y||,t). 

Let us remark that the speed of convergence specified by the function (3 is independent of the 
switching signal p. Thus, the stability property is uniform over the set of switching signals; hence 
the notion of incremental global uniform asymptotic stability. Incremental stability of a switched 
system means that all the trajectories associated with the same switching signal converge to the same 
reference trajectory independently of their initial condition. This is an incremental version of global 
uniform asymptotic stability (GUAS) for switched systems f Lib03j . If for all p £ P, /p(0) = (i.e. 
all the subsystems share a common equilibrium), then (5-GUAS implies GUAS as all the trajectories 
of T, converge to the constant trajectory x(t, 0, p) = 0. Further, if for all p £ P, fp is linear, 5-GUAS 
and GUAS are equivalent. 

It is well known that a switched system whose subsystems are all GAS may exhibit some unstable 
behaviors under fast switching signals. The same kind of phenomenon can be observed for switched 
systems with (5-GAS subsystems. Similarly, the results on common or multiple Lyapunov functions 
for proving GUAS of switched systems (see e.g. |Lib03j ) can be extended to prove (5-GUAS. Let the 
/Coo functions a, a and the real number k be given by a = min(a]^, . . . ,«„), a = max(ai, . . . ,arn) 
and K = min(Ki, . . . , Km)- 

Theorem 2.7. Consider a switched system S = (W^,P,V,F). Let us assume that there exists 
V : M" X M" -^ M.Q which is a common 6 -GAS Lyapunov function for subsystems Si, ... , S^- Then, 

5 is 5-GUAS. 

Proof. Let x,y £ M", p G "P, the function t h->- Vhdt, x, p), x(t, y, p)) is continuous, piecewise C^ and 
for all t G Rq where p is continuous, equation (2.3) gives: 



y(x(t,x,p),x(t,y,p)) < -KV{x{t,x,p),x{t,y,p)). 
It follows, by continuity, that for all t G M^, 

y(x(t, X, p), x(t, y, p)) < y(x(0, X, p), x(0, y, p))e-''* = V{x, y)e-^' 



< a{\\x-y\\)e--\ 



Therefore, for all t G M^, 

||x(f,x,p) -x(t,y,p)|| < a-i(y(x(t,x,p),x(t,y,p))) < a-i(a(||x-y||)e-^*). 



Then, equation (2.4) holds with the function /? given by /3(r, s) = a ^{a{r)e '^'*). It is easy to check 



that f3 belongs to class /C£. Therefore, S is (5-GUAS. D 

When a common (5-GAS Lyapunov function fails to exist, (5-GUAS of the switched system can be 
ensured by using multiple (5-GAS Lyapunov functions and a restrained set of switching signals. Let 
St-^{M.q,P) denote the set of switching signals with dwell time t^ G M^ so that p G 5(M||,P) has 
dwell time t^ if the switching times ti, t2, ■ ■ ■ satisfy ti > r^ and tj — tj_i > t^, for all i >2. 

Theorem 2.8. Let t^ G M(J" and consider a switched system S^-^ = {W\P,Vt^,F) with Vr^ C 
Sr^{M.Q,P). Let us assume that for all p £ P, there exists a 5-GAS Lyapunov function Vp for 
subsystem S^-^^p and that in addition there exists /i > 1 such that: 

(2.5) Vx,y G M", Vp,p' G P, Vpix,y) < fiVpix,y). 
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Ifrd>^-^, then J^r^ is 6-GUAS. 

Proof. We shall prove the 5-GUAS property only for switching signals with an infinite number of 
discontinuities but a proof for signals with a finite number of discontinuities can be written in a very 
similar way. Let x,y £ M", p G 'Pt^, let to = and let Pi+i £ P denote the value of the switching 
signal on the open interval (tj,tj+i), for i G N. From equation (2.3), for all i G N and t G (tj,tj4-i) 

14j»+iWi,x,p),x(i,y,p)) < -Kyp^^^(x(t,2;,p),x(t,y,p)). 

Then, for ah i G N and t G [ti,tj+i], 

(2.6) yp,+,(x(t,x,p),x(t,y,p)) < yp,+,(x(ti,x,p),x(ti,y,p))e-''(*-*'). 



Particularly, for t = tj+i and from equation (2.5), it follows that for all i G N, 

^p,+2(x(ti+i, a;, p), x(ti+i, y, p)) < //e^^^^'+i-*' Vp,_|^i(x(ti, x, p), x(ti, y, p)). 
Using this inequality, we prove by induction that for alH G N 
(2.7) yp^^,(x(ti,x,p),x(ti,2/,p)) < ^V^*'yp,(x,y). 



Then, from equations (2.6) and (2.7), for all i G N and t G [ti,tj+i], 

^K+i(x(t,x,p),x(t,y,p)) < ^i'e-''%,{x,y). 

Since the switching signal p has dwell time r^, it follows that ti > ir^ and therefore for all t G [tj, tj+i], 
t > iTd- Since fi > I, then for alH G N and t G [ti, tj+i]. 



/^ 



=« log /^ 



< e ^d 



Hence, for all i G N and t G [tj, tj+i] 



logM 



^P.+i(x(t,x,p),x(t,2/,p)) <eV -d ; Vp,{x,y) < a(||x - y||)eV -d 



K t 



log A' 



-K t 



Therefore, for all t G 



^0 ' 



|x(i,x,p) -x(t,y,p)|| < a ^ (a(||x-y||je 



logM 



-K t 



Equation (2.4) holds with the function /3 given by P{r,s) = a I a(r)ev ^d / j which belongs to 

class ICC since by assumption -^^^-^ — k < 0. The same inequality can be shown for switching signals 

D 



with a finite number of discontinuities; thus, S is 5-GUAS. 



In the following, we show that under the assumptions of Theorems 2.7 or 2.8 ensuring incremental 
stability, it is possible to compute approximately equivalent symbolic models of switched systems. 
We will make the following supplementary assumption on the (5-GAS Lyapunov functions: for all 
p £ P, there exists a /Coo function 7^ such that 

(2.8) Vx,2/,zGM", \Vp{x,y)-Vp{x,z)\<-fp{\\y-z\\). 

Note that 7^ is not a function of the variable x. It is convenient, for later use, to define the /Coo 
function 7 by 7 = max(7i, . . . , 7^). We will discuss this assumption later in the paper and we will 
show that it is not restrictive provided we are interested in the dynamics of the switched system on 
a compact subset of the state space M". 
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3. Approximate bisimulation 

In this section, we present a notion of approximate equivalence which will relate a switched system 
to the symbolic models that we construct. We start by introducing the class of transition systems 
which allows us to model switched and symbolic systems in a common framework. 

Definition 3.1. A transition system is a sextuple T = {Q, L, ► , O, H, I) consisting of: 

• a set of states Q; 

• a set of labels L; 

• a transition relation >- Q Q x L x Q; 

• an output set O; 

• an output function H : Q ^ O; 

• a set of initial states I Q Q. 

T is said to be metric if the output set O is equipped with a metric d, countable if Q and L are 
countable sets, finite^ if Q and L are finite sets. 

The transition {q,l,q') G ► will be denoted q q' and means that the system can evolve 

from state q to state q' under the action labelled by /. Thus, the transition relation captures the 
dynamics of the transition system. 

Transition systems can serve as abstract models for describing switched systems. Given a switched 
system S = (W^, P,V,F) where V = S{M.q,P), we define the associated transition system T(S) = 

{Q,L, «- ,0,H,I), where the set of states is Q = M"; the set of labels is L = P x M+; the 

transition relation is given by 

X — '—- X if and only if x(r, x,p) = x , 

i.e. subsystem Sp goes from state x to state x' in time r; the set of outputs is O = M""; the observation 
map H is the identity map over M"; the set of initial states is / = M". The transition system T(T,) 
is metric when the set of outputs O = M" is equipped with the metric d{x, x') = \\x — x'\\. Note that 
the state space of T(S) is infinite. 

Usual equivalence relationships between transition systems rely on the equality of observed behaviors. 
In this paper, we are mostly interested in bisimulation equivalence |Mil89| IParSlj . Intuitively, a 
bisimulation relation between two transition systems Ti and T2 is a relation between their set of 
states explaining how a trajectory of T\ can be transformed into a trajectory of T2 with the same 
associated sequence of outputs, and vice versa. The requirement of equality of output sequences, 
as in the classical formulation of bisimulation [M il891 IPar81| is quite strong for metric transition 
systems. We shall relax this, by requiring output sequences to be close where closeness is measured 
with respect to the metric on the output space. This relaxation leads to the notion of approximate 
bisimulation relation introduced in |GP07] . 

Definition 3.2. Let Ti = (Qi,L, ,0,Hi,Ii), T2 = {Q2,L, ,0,H2,l2) be metric transi- 
tion systems with the same sets of labels L and outputs O equipped with the metric d. Let e G Mq 
be a given precision, a relation R Q Qi x Q2 is said to be an e-approximate bisimulation relation 
between Ti and T2 if for all [qi, q2) £ R: 

. d{Hi{qi),H2{q2))<e- 
I 



for all qi q'l, there exists 52 " ^2' such that {q'i,q'2) G -R; 
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• for all q2 q2, there exists qi q'l, such that {q'i,q2) G R- 

The transition systems Ti and T2 are said to be approximately bisimilar with precision e, denoted 
Ti ~, T2, if: 

• for all qi £ Ii, there exists q2 £ h, such that {qi,q2) S R', 

• for all q2 & h, there exists qi £ h, such that {qi,q2) S R- 

4. Approximately bisimilar symbolic models 

In the following, we will work with a sub-transition system of T(T,) obtained by selecting the tran- 
sitions of T(S) that describe trajectories of duration Tg for some chosen r^ G M"*". This can be seen 
as a sampling process. Particularly, we suppose that switching instants can only occur at times 
of the form iTs with i £ N. This is a natural constraint when the switching in S has to be con- 
trolled by a microprocessor with clock period r^. Given a switched system S = (W^jPjVyF) where 
V = S{M.Q , P), and a time sampling parameter Tg E M^, we define the associated transition system 
Tt-^(S) = {Qi, Li, ,Oi,Hi, /i) where the set of states is Qi = M"; the set of labels is Li = P; 

the transition relation is given by 

X X if and only if x(rs, x^-p) = x'; 



the set of outputs is 0\ = M"; the observation map }i\ is the identity map over M"; the set of 
initial states is I\ = M". The transition system Tt-^(S) is metric when the set of outputs 0\ = M" is 
equipped with the metric (i(x, x') = ||x — x'||. 

4.1. Common Lyapunov function. We first examine the simpler case when there exists a common 
(5-GAS Lyapunov function V for subsystems Si, ... , S^. We start by approximating the set of states 
Qi = W- by the lattice: 

GM" gi = /ci^, fci GZ, i = l,...,n 

where r/ G M+ is a state space discretization parameter. By simple geometrical considerations, we 
can check that for all x G M", there exists q G [M"]^ such that ||x — (/H < r/. 

Let us define the approximate transition system rT-^.^(S) = (Q2, -^2, ^ ) O2, Il2^l2)i where the set 

of states is Q2 = [I^^Jt;; the set of labels remains the same L2 = Li = P; the transition relation is 
given by 



q if and only if ||x(rs, (7,p) — (? || < ?7; 



2 

the set of outputs remains the same O2 = Oi = I^"; the observation map ¥[2 is the natural inclusion 
map from [M"]^ to M", i.e. ^2(9) = q; the set of initial states is I2 = [K"]?;. Note that the transition 
system Tt-^^^(S) is countable. Moreover, it is metric when the set of outputs O2 = K" is equipped with 
the metric (i(g, g') = \q — g'||. An illustration of the approximation principle is shown on Figure^ 

We now give the result that relates the existence of a common 5-GAS Lyapunov function for the 
subsystems Si, ... , S^ to the existence of approximately bisimilar symbolic models for the transition 
system Tt^{Tj). 
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< 



x(rs,g,p) 



Figure 1. Approximation principle for the computation of the symbohc model. 

Theorem 4.1. Consider a switched system S = (M'^jP, P,^) with V = 5(M^,P), time and state 
space sampling parameters Ts,ri & M+ and a desired precision e £ M^. Let us assume that there exists 
V : M" X M" -^ M.Q which is a common 6-GAS Lyapunov function for subsystems Si, ... , S^ and 



such that equation (2.8) holds for some /Coo function 7. // 



(4.1) 



77 < min I7 ((1 



0), 



a-1 



a[£ 



))} 



then, the transition systems Tt-^(S) and Tt-^^^(S) are approximately bisimilar with precision e. 



Proof. We start by showing that the relation R C Qi x Q2 defined by (x, q) G R, if and only 
if V{x,q) < a{e), is an e-approximate bisimulation relation. Let (x, q ) £ R, then we have that 

||x — q\\ < a~^ {V{x,q)) < e. Thus, the first condition of Definition 3.2 holds. Let x — ^-^ x', then 



x' = x(ts, x,p). There exists q' G [M"],, such that ||x(rs, q,p) — q'\\ < rj. Then, we have q q' . Let 



us check that {x ,q) £ R. From equation (2.8) 



\V{x',q) -V{x',:si{Ts,q,p))\ < 7(||g' - x(rs, gr,p))||) < 7(7?). 



It follows that 



V{x',q') < y(x',x(rs,g,p)) +7(7/) = y(x(Ts,x,p),x(rs,g,p)) + 7(r/) 



(4.2) 



< 



^V{x,q)+j{T]) 



because ^ is a 5-GAS Lyapunov function for subsystem Sp. Then, from equation (4.1) and since 7 
is a /Coo function, 

V{x',q) < e-'"""^a(e) + 7(77) < a(e). 



— «- 0', there is x >- x' such 

2 ^ ' 1 



Hence, {x', q') £ R. In a similar way, we can prove that, for all q 

that {x',q') E R. Hence R is an e-approximate bisimulation relation between T-j-iT,) and Tt-^^(S). 

By definition of I2 = \^'^]ri, for all x £ Ii = M", there exists q £ I2 such that ||a; — g^H < rj. Then, 

V{x,q) <a{\\x - q\\) <a{ri) < a{e) 

because of equation ( |4.1[ ) and a is a /Coo function. Hence, {x,q) £ R. Conversely, for all q £ I2, 
x = q £ W^ = Ii, then V{x,q) = and {x,q) £ R. Therefore, Tr^(T,) and Tr^^riC^) sue approximately 
bisimilar with precision e. D 
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Let US remark that, for a given time sampling parameter r^ and a desired precision e G M+, there 



always exists rj G M"*" sufficiently small such that equation (4.1) holds. This means that for switched 
systems admitting a common (5- GAS Lyapunov function there exists approximately bisimilar symbolic 
models and any precision can be reached for all sampling rates. 

The approach presented in this section for the computation of symbolic abstractions is quite similar 
to the approach presented in |PGT07| for (5-GAS continuous control systems. Though, instead of 
defining the approximate bisimulation relation using the infinity norm as in JPGT07] , we use sublevel 
sets of the common (^-GAS Lyapunov function. This makes it possible, unlike in |PGT07] , to compute 
symbolic models for arbitrary small time sampling parameter Tg. Further, this allows us to extend 
our approach to switched systems with multiple (5-GAS Lyapunov functions. 

4.2. Multiple Lyapunov functions. If a common (5-GAS Lyapunov function does not exist, it 
remains possible to compute approximately bisimilar symbolic models provided we restrict the set 
of switching signals using a dwell time r^. In this section, we consider a switched system S^-^ = 
(M", P,V,F) where V = Sr^{M.Q , P). Let Tg be a time sampling parameter; for simplicity and without 
loss of generality, we will assume that the dwell time t^ is an integer multiple of r^ : there exists N £N 
such that Td = Nts. Representing S^-^ using a transition system is a bit less trivial than previously as 
we need to record inside the state of the transition system the time elapsed since the latest switching 
occurred. Thus, the transition system associated with S^-^ is Tt-^(Et-^) = {Qi,Li, ► ,Oi, Hi,Ii) 

where: 

• The set of states is Qi = W^ x P x {0, . . . , N — 1} , a state {x,p,i) E Qi means that the 
current state of S^-^ is x, the current value of the switching signal is p and the time elapsed 
since the latest switching is exactly iTg, 'd i < N — 1, or at least {N — 1)ts, ii i = N — 1. 

• The set of labels is Li = P. 

• The transition relation is given by (x,p,i) {x',p',i') if and only if Z = p and one the 

following holds: 

— i < A^ — 1, x' = x(ts,x,p), p' = p and i' = i + 1: switching is not allowed because the 
time elapsed since the latest switch is strictly smaller than the dwell time; 

— i = N — 1, x' = x{ts,x,p), p' = p and i' = N — 1: switching is allowed but no switch 
occurs; 

— i = N — 1, x' = x{ts,x,p), p' ^ p and i' = 0: switching is allowed and a switch occurs. 

• The set of outputs is Oi = M". 

• The observation map Hi is given by Hi{(x,p,i)) = x. 

• The set of initial states is /i = M" x P x {0}. 

One can verify that the output trajectories of T^^ (^^t^) are the output trajectories of T^-^ (S) associated 
with switching signals with dwell time r^ = Nts- The approximation of the set of states of Tt-^(St-^) 
by a symbolic model is done using a lattice, as previously. Let t] S M+ be a state space discretization 
parameter, we define the transition system Tt-^^,,(St-j) = {Q2,L2, ,02, H2, h) where: 

• The set of states is Q2 = [R% x P x {0, . . . ,N - 1}. 

• The set of labels remains the same L2 = Li = P. 

• The transition relation is given by {q,p,i) {q',p',i') if and only if / = p and one of the 

following holds: 

— i < A^ — 1, ||x(rs, q,p) — q'\\ < rj, p' = p and i' = i + 1; 

— i = N — 1, \\x(Ts,q,p) — q'W < i], p' = p and i' = N — 1; 
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— i = N — 1, \\x{Ts,q,p) — q'W < rj, p' ^ p and i' = 0. 

• The set of outputs remains the same O2 = Oi = M". 

• The observation map H2 is given by H2{{q,p,i)) = q. 

• The set of initial states is h = [W% x P x {0}. 

Note that the transition system TT-^^^riC^ra) is countable. Moreover, TT^CLr^) and TT-^^riC^ra) ^-re metric 
when the set of outputs Oi = O2 = M" is equipped with the metric d{x, x') = ||x — x'||. The following 
theorem establishes the approximate equivalence of Tt-^(St-^) and TT-^^,j(Sr<i)- 

Theorem 4.2. Consider r^ G M^, a switched system S^-^ = (M", P, V, F) with V = 5t-j(]R(J", P), time 
and state space sampling parameters Ts,r] E M"*" and a desired precision e £ M^. Let us assume that 
for all p £ P, there exists a 6-GAS Lyapunov function Vp for subsystem Ti^^^p and that equations 
{2.5) and (2.8) hold for some /i > 1 and /Coo functions 71, . . . ,7m- If Td > -^^ and 

(4.3) r? < min L~' f ^~'_J (l - e-^-)a(e) j , a"! {a{e)) \ 

then, the transition systems Tr^{T,r^) and ^^^^.^(Srd) are approximately bisimilar with precision e. 

Proof. Let us define the relation i? ^ Qi x <52 by 

R = {{x,pi,ii,q,p2,i2) G Qi X Q2I Pi = P2 = P, k = i2 = i,Vp{x,q) < 6i} 
where 5o, . . . ,5n are given recursively by 

60 = a(e), 5i+i = e-^'^'Si + 7(7/). 
We can easily show that: 

(4.4) 5, = e— -=a(e) + 7(^) \ ~ "H? = r^^ + e"''^"^ ( a{e) ^^"^^ 



I _ Q KTs \ — Q KTs \ \ 



From equation (4.3) and since /i > 1 and 7 is a /Coo function, 7(77) < (1 — e ''^°)a(e). It follows 
from (4.4) that 5q> 5\> ■ ■ • > 5n-i > 5^. From equation ( |4.3| ), and since 7 is a /Coo function and 

Sn = e-'^^^aie) + j{v)- — < e-^^-'aie) + - - e-^^^ a{e) = =^. 

We can now prove that R is an e- approximate bisimulation relation between Tt-^(St-j) and Tt-^^^(St-^). 
Let {x,p,i,q,p,i) E iZ, then 

\\Hi{x,p,i) -H2{q,p,i)\\ = \\x - q\\ < oT^ {Vp{x,q)) 

< a-\6i) < a-\6o) = £. 

Hence, the first condition of Definition |3.2| holds. Let us prove that the second condition holds as well. 

Let {x,p,i) {x',p',i'), then x' = x{ts,x,p). There exists a transition {q,p,i) {q',p',i') with 

\\q' — x(rs, q,p)\\ < rj. From equation (2.8) and since T^ is a (5-GAS Lyapunov function for subsystem 
Sp we can show, similarly to equation (4.2), that 

(4.5) Vp{x',q') < e-''^^Vp{x,q)+^{r,) < g-'^-^Ji + 7(7?) = 5i+i. 

We now examine three separate cases: 

• If i < A^ — 1, then p' = p and i' = i + 1; since Vp[x'.,q') < (5j+i, it follows that {x',p,i + 
l,q',p,i + l)£R. 
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A^ - 1; from (|45|), Vp{x',q') < 6n < Sn-i, it follows that 



If i = A^ — 1 and p' = p, then i' 

{x',p,N-l,q',p,N-l)eR. 

Hi = N — 1 and p' / p, then i' = 0; from (4.5), Vp{x' , q') < 6n < ^o/lJ'- From equation (2.8) 



it follows that Vp'{x',q') < iiVp{x',q') < 5o. Therefore, {x' ,p' ,0,q',p' ,0) € R. 



Similarly, we can show that for any transition {q,p,i) 



]',p',i'), there exists a transition 



{x,p,i) 



{x',p',i') such that {x' ,p' ,i',q' ,p' ,i') £ R. Hence, R is an e-approximate bisimula- 



tion relation. 

For all initial states {x,p,0) G /i, there exists {q,p,0) G I2 such that ||x — q\\ < r]. Then, 



Vp{x,q) < ci{ri) < a{e) because of equation (4.3) and a is /Coo function. Hence, Vp{x,q) < 60 and 
{x,p,0,q,p,0) G R. Conversely, for all {q,p,0) G I2, {x,p,0) = {q,p,0) G h. Then, Vp{x,q) = < Sq 
and {x,p,0,q,p,0) G R. Thus, T-r^CEr^) and ^^^^^(St-^) are approximately bisimilar with precision 

e. ' D 



Provided that t^ > -^Si^^ for a given time sampling parameter and a desired precision, there always 
exists r] G M"*" sufficiently small such that equation (4.3) holds. Thus, if the dwell time is large 



enough, we can compute symbolic models of arbitrary precision of the switched system. Let us 
remark that the lower bound we obtain on the dwell time is the same than the one in Theorem 12.81 



ensuring incremental stability of the switched system. Also, Theorem 4.1 can be seen as a corollary 



of Theorem 4.2 Indeed, existence of a common J-GAS Lyapunov function is equivalent to equation 
(2.5) with fi = 1. Then, no constraint is necessary on the dwell time and equation (4.3) becomes 



equivalent to (4.1). 



The previous Theorems also give indications on the practical computation of these symbolic models. 
The sets of states of Tr^^r^iT,) or Tt-^_^(St-^) are countable but infinite. However, in practical control 
applications, we are usually interested in the dynamics of the switched system only on a compact 
subset C C R^. Then, we can restrict the set of states of Tr^^riC^) or Tr^^riiX'T^} to the sets [M"]^ n C 
or ([M"]^ n C) X P X {0, . . . , A'^ — 1} which are finite. The computation of the transition relations 
is then relatively simple since it mainly involves the numerical computation of the points x(rs, q,p) 
with q G [M"]^ n C and p G P. This can be done by simulation of the subsystems Si, ... , S^- 
Numerical errors in the computation of these points can be taken into account: it is sufficient to 



replace r] hy rj + e, where e is an evaluation of the error, in Theorems 4.1 and 4.2 



Finally, we would like to discuss the assumption made in equation (2.8). This assumption may 
look quite strong because the inequality has to hold for any triple in M", and the function 7p must 
be independent of x. However, if we are interested in the dynamics of the switched system on the 
compact subset C C M*^, we only need this assumption to hold for all x,y,z & C. Then, it is sufficient 
to assume that Vp is C^ on C. Indeed, for all x,y,z £ C, 



\ypix,y) -Vp{x,z)\ < I max 

\x,yeC 



dVp 
dy 



{x,y) 



\y- z\ 



7p(lly-^l 



In this case, equation (2.8) holds. This means that the existence of approximately bisimilar symbolic 
models on an arbitrary compact subset of M" does not need more assumptions than existence of 
common or multiple Lyapunov functions ensuring incremental stability of the switched system. 
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5. Examples of symbolic control design 



In this section, we show the effectiveness of our approach on two examples illustrating the main 
results of the paper. 

5.1. Common Lyapunov functions: the boost DC-DC converter. We first use our method- 
ology to compute symbolic models of a concrete switched system: the boost DC-DC converter (see 
Figure |2]) . This is an example of electrical power convertor that has been studied from the point of 
view of hybrid control in |SEK03l IBPM051 IBKC051 IBFM06] . 



n 
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Sl 



o- 



S2 



ro 



vo 



Figure 2. boost DC-DC converter. 



The boost converter has two operation modes depending on the position of the switch. The state of 
the system is x{t) = [ii{t) Vc{t)]'^ where ii{t) is the inductor current and Vc{t) the capacitor voltage. 
The dynamics associated with both modes are affine of the form x{t) = Apx{t) + b {p = 1,2) with 



A, 



- 



1 



Xc TQ+ra 



A. 






1 



'•Q 



ic '"0+''c 



^l '■0+''c 
1 1 



It is clear that the boost DC-DC converter is an example of a switched system. In the following, we 
use the numerical values from |BPM05] . that is, in the per unit system, x^ = 70 p.u., x^ = 3 p.u., 
Tc = 0.005 p.u., r; = 0.05 p.u., ro = 1 p.u. and v^ = 1 p.u.. The goal of the boost DC-DC converter 
is to regulate the output voltage across the load tq. This control problem is usually reformulated as 
a current reference scheme. Then, the goal is to keep the inductor current i;(t) around a reference 
value ip^. This can be done, for instance, by synthesizing a controller that keeps the state of the 
switched system in an invariant set X centered around the reference value. 

It can be shown by solving a set of 2 linear matrix inequalities that the subsystems associated with the 
two operation modes are both incrementally stable and that they share a common (5-GAS Lyapunov 
function of the form V(x^ y) = \/{x — y)'^M{x — y), where M is positive definite symmetric. Thus, 
the switched system is 5-GAS however it is not GAS because the subsystems do not share a common 
equilibrium point. 

The matrix M can be computed using semi-definite programming; for a better numerical con- 
ditioning, we rescaled the second variable of the system (i.e. the state of the system becomes 
x{i) = [ii{t) bvc{t)\'^] the matrices Ai, A2 and vector b are modified accordingly). We obtained 

M — r 1.0224 0.00841 
^'^ — L 0.0084 1.0031 J • 

The corresponding (5-GAS Lyapunov function has the following characteristics: a{s) = s, a{s) = 
1.0127s, K = 0.014. Let us remark that equation (2.8) holds on the entire state-space with 7(5) = 
1.0127s. We set the sampling period to r^ = 0.5. Then, a symbolic model can be computed for the 
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boost DC-DC converter using the procedure described in Section 4.1. According to Theorem 4.1 



desired precision e can be achieved by choosing a state space discretization parameter rj satisfying 
T] < e/145. In this example, the ratio between the precision of the symbolic approximation and the 
state space discretization parameter is quite large. This is explained by the fact that the subsystems 
are quite weakly stable since the value of k is small. 





55 1.6 



Figure 3. Symbolic model of the boost DC-DC converter for rj 



40^ 



(left); Con- 



troller for the symbolic model (right) (dark gray: mode 1, light gray: mode 2, medium 
gray: both modes are acceptable, white: uncontrollable states). 



We consider two different values of the precision parameter e. We first choose a precision e = 2.6 
which can be achieved by choosing r/ = ^ . This precision is quite poor and makes the computed 
symbolic model of no practical use. However, it helps to understand the second experiment decribed 
further. On Figure [3j the symbolic model of the boost DC-DC converter is shown on the left, red and 
blue arrows represent the transitions associated with mode 1 and 2, respectively. We only represented 
the transitions that keep the state of the symbolic model in the set I' = [1.3, 1.7] x [5.7, 5.8]. Using 
supervisory control [RW87_] , we synthesized the most permissive controller that keeps the state of 
the symbolic model inside 2'. It is shown on the right figure, the color of the boxes centered around 
the states of the symbolic model gives the corresponding action of the controller: dark and light 
gray means that for these states of the symbolic model the controller has to use mode 1 and 2, 
respectively; medium gray means that for these states the controller can use either mode 1 or mode 
2; white means that from these states there does not exist any switching sequence that keeps the 
state of the symbolic model in I', i.e. these states are uncontrollable. From this controller, using 
the approach presented in |Tab08| . one can derive a controller for the boost DC-DC converter that 
keeps the state of the switched system in T = [1.3 — e, 1.7 -|- e] x [5.7 — e, 5.8 -|- e] . Clearly, the chosen 
precision is too large to make this controller useful from a practical point of view. 

The second value we consider for the precision parameter is e = 0.026. This precision can be achieved 
by choosing t] = ^ . We do not show the symbolic model as it has too many states (642001) to 

be represented graphically. We repeat the same experiment with this model, the most permissive 
controller that keeps the state of the symbolic model in X' is shown in Figure |4J on the left. The 
computation of the symbolic model and the synthesis of the supervisory controller, implemented 
in MATLAB, takes overall less than 60 seconds. From the controller of the symbolic model, we 
derive a controller for the boost DC-DC converter that keeps the state of the switched system in 
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T = [1.3 — e, 1.7 + e] X [5.7 — e, 5.8 + e]. We apply a lazy control strategy, when the controller can 
choose both modes 1 and 2, it just keeps the current operation mode unchanged. A state trajectory 
of the controlled boost DC-DC converter is shown in Figure |4] on the right. We can see that the 
trajectory remains in the invariant set. 
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Figure 4. Controller for a symbolic model of the boost DC-DC converter for r] = 
^ (left) (dark gray: mode 1, light gray: mode 2, medium gray: both modes are 

acceptable, white: uncontrollable states); Trajectory of the boost DC-DC converter 
using the previous controller (right). 



5.2. Multiple Lyapunov functions. We now consider a second example inspired by a well known 
switched system with stable subsystems and exhibiting unstable behaviors (see e.g. |Lib03j ). The 
system has two modes and the state space is M^. The dynamics associated with both modes are 
affine of the form x{t) = Ayx{€) + bp {p = 1,2) with 



^1 



-0.25" 



[0.25] 



r-0.25 1 1 /I _ r-0.25 2 1 I, _ r-0.; 

[ -2 -0.25 J ' ^2 - [ _i -0.25 J ' ^i - [ _. 

We consider a control design problem with a safety specification: the goal is to keep the trajectories 
of the switched system within a specified region of the state-space, denoted T, while avoiding a 
specified subset of unsafe states U <^ T. We assume that U contains the equilibrium points of both 
systems and therefore the specification cannot be met by neither Si nor S2. 

The system does not have a common (5-GAS Lyapunov function because it exhibits unstable behaviors 
for some switching signals (e.g. apply periodically mode 1 during 1 time unit, then mode 2 during 
1 time unit and so on). However, each subsystem has a (5-GAS Lyapunov function of the form 
Vp{x, y) = yJ{x-y)^Mp{x-y), with 

Mi = [g?],M2 = [iO]. 

The corresponding 5-GAS Lyapunov functions have the f ollow ing characteristics: a{s) = s, a{s) = 
V2s, K = 0.25. Moreover, the assumptions of Theorem 2.8 hold with /i = v2, and a dwell-time 



Td 



2 > 



log(M) 



Here, again, the switched system is (5-GAS however it is not GAS because the 



subsystems do not share a common equilibrium point. Also, equation (2.8) holds on the entire 
state-space with 7(5) = \/2s. We set the sampling period to r^ = 0.5. Then, a symbolic model 
can be computed using the procedure described in Section 4.2. According to Theorem |4. 2 [ a desired 
precision e can be achieved by choosing a state space discretization parameter r] satisfying r/ < e/48. 
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We choose t] = ^ , corresponding to a precision e = 0.34. Then, we used supervisory control 
to design the most permissive controller that keeps the state of the symbolic model within the set 
2' = [—6,6] X [—4,4] while avoiding W = [—1.5,1.5] x [—1,1]. Though our symbolic model has 
7696008 states, the overall computation, including the determination of the symbolic model and the 
synthesis of the controller, takes only about 130 seconds. 

The controller is shown on Figure [5J On the left, respectively on the right, we represented the 
possible control actions when the current mode is 1, respectively 2, and the dwell time has elapsed 
(i.e. switching is enabled). Dark and light gray means that for these states of the symbolic model 
the controller has to use mode 1 and 2, respectively; medium gray means that for these states the 
controller can use either mode 1 or mode 2; white means that these states are uncontrollable and 
the specification cannot be met from these states. 





Figure 5. Controller for the symbolic model. Possible control actions when the cur- 
rent mode is 1, respectively 2, and the dwell time has elapsed (left, respectively right) 
(dark gray: mode 1, light gray: mode 2, medium gray: both modes are acceptable, 
white: uncontrollable states). 



From the most permissive controller represented on Figure [5| we designed a lazy controller for the 
symbolic model. Unlike the most permissive controller, the lazy control strategy can be implemented 
regardless of the current mode and of the time elapsed since the latest switching. The controller 
is represented on Figure |6] on the left: dark and light gray means that for these states of the 
symbolic model the controller has to use mode 1 and 2, respectively; medium gray means that for 
these states the controller must keep the current mode unchanged; white means that these states are 
uncontrollable. Let us remark that by design, this controller satisfies the dwell time constraint though 
it does not appear explicitely in the controller description. Using the approach presented in |Tab08| , 
one can derive a controller for the switched system, that keeps the state of the switched system within 
the set I = [— 6 — e,6-|-e] x [— 4 — e,4 + e] while avoiding U = [— 1.5 + e, 1.5 — e] x [—1 -|-e, 1 — e]. On 
Figure |6] in the center, we represented an example of switching signals generated by the controller 
and the corresponding evolution of the state variables. We can check that the switching signal 
indeed has dwell time 2. On the right, we represented the associated trajectory of the switched 
system, satifying the safety property. 
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Figure 6. Lazy controller for the symbolic model: (left) (dark gray: mode 1, light 
gray: mode 2, medium gray: keep current mode unchanged, white: uncontrollable 
states); Switching signal generated by the lazy controller and corresponding evolution 
of the state variables, switching signal has dwell time 2 (center); Associated trajectory 
of the switched system (right). 

6. Conclusion 

In this paper, we showed, under assumptions ensuring incremental stability, such as existence of a 
common 5-GAS Lyapunov function or multiple (5-GAS Lyapunov functions with dwell time, the exis- 
tence of approximately bisimilar symbolic abstractions for switched systems. The proof of existence 
is constructive: these abstractions are effectively computable and any precision can be achieved. 
Two non-trivial examples of controller design based on symbolic models of switched systems have 
been shown. 

The authors are currently improving the presented results in two different directions. The controllers 
resulting from arbitrary specifications may require switching surfaces with complex geometries. This 
increases the space complexity of controllers and complicates its real-time implementation. To ad- 
dress this difficulty, the authors are currently investigating the synthesis of more conservative con- 
trollers that are guaranteed to have lower complexity switching regions. The other direction being 
investigated is the most efficient enforcement of the dwell time requirement. Instead of building 
this requirement in the symbolic model, which results in larger symbolic models, it is possible to 
incorporate this requirement as part of the overall specification. We can thus synthesize controllers 
based on smaller symbolic models while meeting all the dwell time requirements. 
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